Wikipedia is built around the principle that anyone can edit it, and it therefore aims to have as many of its pages as possible open for public editing, so that anyone can add material and correct errors. However in particular circumstances, because of a specifically identified likelihood of damage resulting if editing is left open, some individual pages may need to be subject to technical restrictions (often only temporary) on who is permitted to modify them. The placing of such restrictions on pages is called protection.

Protection can be applied to pages, or removed, by Wikipedia's administrators, although any user may request these actions. Protection can be indefinite, or expire after a specified time.

The most commonly encountered types of protection are full protection, which means that a page can be modified only by administrators, and semi-protection, which means that a page can be modified only by users who are logged in and whose accounts have been confirmed (which usually happens automatically after a few days' editing). Other forms of protection are detailed below. Protected pages are normally marked with a small padlock symbol in the top corner; different color padlocks represent different protection types, as shown in the box on the right.

This policy explains in detail the protection types and procedures for page protection and unprotection, and the reasons for which protection should and should not be applied.

A fully protected page can be edited only by administrators. The protection may be for a specified time or may be indefinite.

Modifications to a fully protected page can be proposed on its talk page, or in another appropriate forum for discussion. Administrators can make changes to the protected article reflecting consensus. Placing the {{Edit protected}} template on the talk page will draw the attention of administrators for implementing uncontroversial changes.

On pages that are experiencing edit warring, temporary full protection can force the parties to discuss their edits on the talk page, where they can reach consensus. Isolated incidents of edit warring, and persistent edit warring by particular users, may be better addressed by blocking, so as not to prevent normal editing of the page by others.

When protecting a page because of a content dispute, administrators normally protect the current version, except where the current version contains content that clearly violates content policies, such as vandalism, copyright violations, or defamation of living persons. Since protecting the most current version sometimes rewards edit warring by establishing a contentious revision, administrators may also revert to an old version of the page predating the edit war if such a clear point exists. Pages that are protected because of content disputes should not be edited except to make changes which are uncontroversial or for which there is clear consensus (see above).

Administrators should not protect or unprotect a page to further their own positions in content disputes.

Pre-emptive full protection of articles is contrary to the open nature of Wikipedia. Brief periods of full protection are used in rare cases when a large number of autoconfirmed accounts are used to make a sustained vandalism attack on an article. Persistent vandalism, or the possibility of future vandalism for highly trafficked articles, rarely provides a basis for full-protection. Semi-protection is used for articles, such as Jesus, that have a pattern of heavy sustained vandalism.

If a deleted page is undergoing deletion review, only administrators are normally capable of viewing the former content of the page. If they feel it would benefit the discussion to allow other users to view the page content, administrators may restore the page, blank it or replace the contents with {{TempUndelete}} or a similar notice, and fully protect the page to prevent further editing. The previous contents of the page are then accessible to non-admins via the page history.

Semi-protection prevents edits from unregistered users (IP addresses), as well as edits from any account that is not autoconfirmed (is at least four days old and has at least ten edits to Wikipedia) or confirmed.

Such users can request edits to a semi-protected page by proposing them on its talk page, using the {{Edit semi-protected}} template if necessary to gain attention. If the page in question and its talk page are both protected please make your edit request at Wikipedia:Request for edit instead. New users may also request the confirmed user right by visiting Requests for permissions.

Administrators may apply indefinite semi-protection to pages that are subject to heavy and persistent vandalism or violations of content policy (such as biographies of living persons, neutral point of view). Semi-protection should not be used as a preemptive measure against vandalism that has not yet occurred, nor should it be used to privilege registered users over unregistered users in (valid) content disputes.

In addition, administrators may apply temporary semi-protection on pages that are:

Subject to significant but temporary vandalism or disruption (for example, due to media attention) when blocking individual users is not a feasible option.

Subject to edit-warring where all parties involved are unregistered or new editors (i.e., in cases in which full-protection would otherwise be applied). This does not apply when autoconfirmed users are involved.

Article discussion pages, when they have been subject to persistent disruption. Such protection should be used sparingly because it prevents unregistered and newly registered users from participating in discussions. A page and its talk page should not normally be protected at the same time. If a page and its talk page are both protected, the talk page should direct affected editors to Wikipedia:Request for edit, to ensure that no editor is entirely prevented from contributing.

Talk pages of blocked IP addresses that are being used for continued inappropriate editing, including repeated abuse of the {{unblock}} template, or continued uncivil or offensive remarks. The protection should be timed so as to not exceed the length of the block. Administrators may also choose to change the block settings to block the user from editing their talk page instead, since there is no need to synchronize the block period with the page protection time period with this method.

Administrators can prevent the creation of a page through the protection interface. This is useful for articles that have been deleted but repeatedly recreated. Such protection is case-sensitive. A list of protected titles may be found at Special:Protectedtitles (see also historical lists).

Pre-emptive restrictions on new article titles are instituted through the title blacklist system, which allows for more flexible protection with support for substrings and regular expressions.

Pages that have been creation-protected are sometimes referred to as "salted". Contributors wishing to re-create a salted title with more appropriate content should contact an administrator (look for one who was previously involved) or use the deletion review process.

As with full protection, protection because of editwarring should not be considered an endorsement of the current name. When move protection is applied during a requested move discussion the page should be protected at the location it was at when the move request was started.

Upload protected files cannot be replaced with new versions except by an administrator. Upload protection does not protect file pages from editing. Upload protection may be applied by an administrator to:

Files that should not be replaced, such as images used in the interface or transcluded to the main page.

As with full protection, administrators should avoid favoring one file version over another, and protection should not be considered an endorsement of the current file version. An obvious exception to this rule is when files are protected due to upload vandalism.

After a RFC on the reintroduction of pending changes, consensus was determined to be in favor of reactivating pending changes. Pending changes will be reactivated December 1, 2012; if consensus cannot be reached on an alternative or modified policy, Wikipedia:Pending changes/Provisional policy will take effect at that time.

Some areas of Wikipedia are permanently protected by the MediaWiki software. The MediaWiki namespace, which defines parts of the site interface, is fully protected; it is impossible for administrators to remove this protection. In addition, user CSS and JavaScript pages, such as User:Example/monobook.css and User:Example/cologneblue.js, are automatically fully protected. Only accounts that are associated with these pages or administrators are able to edit them. This protection applies to any user subpage with a ".css" or ".js" extension, whether an equivalent MediaWiki skin exists or not. Administrators may modify these pages, for example, to remove a user script that has been used in an inappropriate way.

In addition to the hard-coded protection, the following are usually permanently protected:

As outlined at Wikipedia:Office actions, pages may be protected by Wikimedia Foundation staff in response to issues such as copyright or libel. Such actions override community consensus. Administrators should not edit or unprotect such pages without permission from Wikimedia Foundation staff. A list of pages under the scrutiny of the Wikimedia Foundation can be found here.

Cascading protection fully protects a page, and extends that full protection automatically to any page that is transcluded onto the protected page, whether directly or indirectly. This includes templates, images and other media that are hosted on English Wikipedia. Files stored on Commons will not be protected by cascading protection, and need to be temporarily uploaded to English Wikipedia or protected at Commons. Cascading protection:

Should be used only to prevent vandalism when placed on particularly visible pages such as the Main Page.

Is available only for fully protected pages; it is disabled for semi-protected pages as it represents a security flaw. See Bugzilla:8796 for more information.

Is not instantaneous; it may be several hours before it takes effect. See Bugzilla:18483 for more information.

Should generally not be applied directly to templates, as it will not protect transclusions inside <includeonly></includeonly> tags or transclusions that depend on template parameters, but will protect the template's documentation subpage. See the "Templates" section below for alternatives.

Highly visible templates which are used on an extremely large number of pages or substituted with great frequency are particularly vulnerable to vandalism, as vandalism to the template may introduce vandalism to hundreds of other pages. Therefore, they are frequently semi- or fully protected based on the degree of visibility, type of use, content, and other factors.

Semi and fully protected templates should normally have the {{documentation}} template. It loads the unprotected /doc page, so that non-admins and IP-users can edit the documentation, categories and interwiki links. It also automatically adds {{pp-template}} to protected templates, which displays a small padlock in the top right corner and categorizes the template as a protected template. Only manually add {{pp-template}} to protected templates that don't use {{documentation}} (mostly the stub and flag templates).

Cascading protection should generally not be applied directly to templates, as it will not protect transclusions inside <includeonly></includeonly> tags or transclusions that depend on template parameters, but will protect the template's documentation subpage. Instead, consider any of the following:

If the set of subtemplates is static (even if large), protect them using normal protection mechanisms.

If the full set of subtemplates is transcluded whenever the main template is trancluded, transclude the main template on Wikipedia:Cascade-protected items or a similar page.

User pages and subpages are sometimes protected at the user's request if there is evidence of vandalism/disruption or other good reason to do so. User talk pages are rarely protected, and are semi-protected for short durations only in the most severe cases of vandalism from IP users.

Users whose talk page is semi-protected for lengthy or indefinite periods of time should ideally have an unprotected user talk subpage linked conspicuously from their main talk page to allow good faith comments from non-autoconfirmed users - if this isn't the case the user in question should be contacted via the help desk. A message referring editors to the help desk should be placed on the semi-protected page.

Retired users may have their user pages protected upon request. Talk pages of retired editors are not usually protected except with limited duration to deal with vandalism. A user's request to have his or her own talk page protected due to retirement is not a sufficient rationale to protect the page.

Blocked users' user pages and user talk pages should not ordinarily be protected, as this interferes with the user's ability to contest their block through the normal process. In extreme cases of abuse, such as abuse of the {{unblock}} template, the talk page may be protected for a short time to prevent abusive editing. When required, it should be implemented for a brief period which should not exceed the length of the block, whichever is shorter. Consider disabling the user's talk page access via the block feature instead. In cases where the user has been blocked indefinitely, they should be informed of off-wiki ways to appeal their block, such as the UTRS tool interface or ban appeals subcommittee of the Arbitration Committee. Confirmed socks of registered users should be dealt with in accordance with Wikipedia:Sockpuppetry; their pages are not normally protected.

Wikipedia:Sandbox and other sandboxes should also not ordinarily be protected since their purpose is to let new users test and experiment with wiki syntax. These pages are automatically cleaned every 12 hours, although they are frequently overwritten by other testing users much faster than that. Those who do use the sandboxes for malicious purposes, or to violate policies such as no personal attacks, civility, and copyrights, should instead be warned and/or blocked.

The following templates may be added at the very top of a page to indicate that it is protected:

On redirect pages, add Category:Protected redirects below the redirect line. A protection template may also be added below the redirect line, but it will only serve to categorize the page, as it will not be visible on the page.